Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Focus On: Vista
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Search Unleashed 0.2.10 JavaScript injection (Wordpress plugin)
Feb 13 2008 08:33PM
Krzysztof Burghardt (krzysztof burghardt pl)
Hello all,
There is a bug in "Log" function of Search Unleashed by John Godley,
version 0.2.10.
This plug-in stores search queries but does not validates stored data
and put them back "raw" to browser.
HTML and Java Script can be injected with search request:
/blog/?s=%3Ctextarea+onmouseover%3D%2...
[ more ]
Privacy Statement
Copyright 2007, SecurityFocus
There is a bug in "Log" function of Search Unleashed by John Godley,
version 0.2.10.
This plug-in stores search queries but does not validates stored data
and put them back "raw" to browser.
HTML and Java Script can be injected with search request:
/blog/?s=%3Ctextarea+onmouseover%3D%2...
[ more ]